Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2004-0963

    Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc...

    Affected Products : word windows_2000
    • EPSS Score: %44.14
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-1042

    Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function....

    Affected Products : mandrake_linux
    • EPSS Score: %0.50
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-0961

    Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command....

    • EPSS Score: %0.84
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-0491

    Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request....

    Affected Products : suse_linux gdm openlinux
    • EPSS Score: %6.92
    • Published: May. 24, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-1999-0953

    WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers....

    Affected Products : wwwboard
    • EPSS Score: %3.19
    • Published: Sep. 16, 1999
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-1999-0951

    Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands....

    Affected Products : omnihttpd
    • EPSS Score: %4.58
    • Published: Oct. 22, 1999
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-1999-0878

    Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR....

    Affected Products : wu-ftpd beroftpd
    • EPSS Score: %1.35
    • Published: Aug. 22, 1999
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-1999-0874

    Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions....

    • EPSS Score: %85.13
    • Published: Jun. 16, 1999
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-1999-0662

    A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete....

    • EPSS Score: %0.48
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-1999-0527

    The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten....

    • EPSS Score: %0.35
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-1999-0198

    finger .@host on some systems may print information on some user accounts....

    • EPSS Score: %0.48
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025
  • 10.0

    CRITICAL
    CVE-2024-2973

    An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Onl...

    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-22518

    All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Usin...

    • Actively Exploited
    • EPSS Score: %94.38
    • Published: Oct. 31, 2023
    • Modified: Feb. 10, 2025
  • 10.0

    HIGH
    CVE-2012-5087

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans....

    Affected Products : jdk jre
    • EPSS Score: %6.22
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2022-30310

    In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper acc...

    • EPSS Score: %1.09
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-30309

    In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to impro...

    • EPSS Score: %0.65
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-27626

    A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary comma...

    • EPSS Score: %2.38
    • Published: Oct. 20, 2022
    • Modified: Jan. 14, 2025
  • 10.0

    HIGH
    CVE-2022-25163

    Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi El...

    • EPSS Score: %0.73
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-20705

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization...

    • EPSS Score: %81.48
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-37535

    SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges....

    • EPSS Score: %0.34
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results